Computer Network and Internet Security Awareness and Responsible Use. Indian River County School District

Transcription

1 Computer Network and Internet Security Awareness and Responsible Use Indian River County School District

2 Through the availability of electronic resources provided by the School District of Indian River County, you will be exposed to security threats and the risk of compromising confidential information. This security awareness PowerPoint is designed to make you aware of various threats, security breaches, and other incidents that may put students, yourself, and school district property at risk. 2

3 The School Board of Indian River County is committed to the effective use of technology to both enhance the quality of student learning and the efficiency of School Board operations. It also recognizes that safeguards have to be established to ensure that student and employee confidential information is protected and that technology resources are used in accordance with federal and state laws, as well as School Board policies. The use of technology resources is a privilege, not a right. 3

4 The Network and Internet Responsible Use and Safety Policy (RUP) is a set of rules applied to the School District of Indian River County s computer systems and network that define the ways in which the network or systems may be used. All users are required to fully read and electronically accept the RUP. The complete RUP can be found on the School Board page of the District s website. From the District s home page, click School Board then Board Policies. The Staff RUP is policy number

5 Network accounts provide logon access to district computers, , databases, storage, and other network resources. Network accounts are provided to full-time faculty, staff, and active students. Upon signing the RUP electronically, the user s account will automatically be activated and a password will be assigned. Inappropriate, prohibited, or unauthorized use of School Board network and/or electronic resources may result in cancellation of a user s privileges and/or disciplinary action. 5

6 Users are solely responsible for their network account, as well as any misuse of electronic resources. Please refer to the RUP for specific policies regarding misuse. Users may not share passwords, allow others to login to their network account, access their profile, or misuse assigned permissions. Employees must lock or log off their computer each time they leave it unattended. To lock a computer, press Ctrl + Alt + Delete at the same time and select Lock this computer. Shortcut to lock a computer = Windows button + L ( + L ) Students must log off their computer each time they leave it unattended. They should not lock their computer unless directed by the teacher. 6

7 Employee network account passwords must be changed every 60 days. You will automatically be prompted to change your password prior to expiration. Employee passwords must be at least 8 characters and include 3 of the 4 types of characters below: (i.e. Monday3!) UPPERCASE (A, B, C, D) Lowercase (e, f, g, h) Number (1, 2, 3, 4) Symbol #) The system will not allow you to use your previous 6 passwords. 7

8 Internet access is provided to district employees and students for educational and work related activities. Internet access may not be used for personal gain or profit. Internet traffic is monitored and logged per user. Peer to peer file sharing applications are not permitted. Examples: LimeWire, BearShare, UTorrent 8

9 What is malware? Malware, short for malicious software, is designed to help hackers disrupt computer operation, gather sensitive information, or gain unauthorized access to a computer system. Malware includes computer viruses, worms, Trojan horses, spyware, adware, rootkits, and other malicious programs. How to protect against malware? Do not visit questionable websites Do not click on links forwarded in jokes or other s What to do if you suspect malware? Immediately enter a Helpdesk ticket Include as much detail as possible, including any on screen messages Attach a screen shot to the ticket if possible 9

10 What is Social Engineering? The art of manipulating people or situations into performing actions or divulging confidential information, usually based on trust or threats of escalation. Examples: An from the IT Helpdesk asking for your username and password in order to increase your mailbox size. An disguised as a Microsoft Security Bulletin that urges the immediate installation of a security patch that if executed infects the user s computer with a virus or BOT. An claiming you ve won money or some other prize. In order to claim your winnings you must click on a link and fill out your personal information. 10

11 Never open attachments from unknown or unsolicited sources. Never open suspicious attachments even from known sources. Never open forwarded jokes or chainmail. Never respond to s that appear to be from technology staff requesting account or password information. What do you do if you receive a suspicious or attachment? Immediately enter a Helpdesk ticket (To access the Helpdesk, click the icon on your desktop or type supportcenter into your internet browser) Ticket should include as much detail as possible including at least the Subject and Sender Do not forward the , instead delete it from your Inbox and your Deleted Items 11

12 Lock or log off desktop/laptop when walking away. Restrict screen view from others. Be aware of others in proximity to prevent shoulder surfing. Do not leave laptops in cars and always keep them in physical possession at airports or when traveling. Do not attempt to install software on District computers. Do not store your password in close proximity to your computer, everyone knows to look under the keyboard! 12

13 Portable storage devices and removable media must be used with extreme caution. They provide for easy access to information and can be a vehicle for the transmission of malicious software. Examples include, but are not limited to: USB flash drives Flash memory cards (SD, xd, CF etc.) External hard drives CDs/DVDs Cell phones PDAs Cloud Storage Confidential information should never be never be created or uploaded using non-district storage services such as Google Apps, Dropbox, SkyDrive End users are solely responsible for data stored on non-district resources 13

14 Accessing social media through school district resources should be limited to educational purposes only. Confidential student information should never be posted or uploaded. Posting of student photos must follow district policies and require a signed photo release for each student. Confidential student information should never be shared or discussed through the use of social media such as Chat Room, Instant Messaging, Blogs, Wikis, etc.. 14

15 Information backed up for archive or record retention purposes must be protected and secured from unauthorized access. Data and information stored electronically must be properly deleted when no longer needed. Confidential information should not be sent via . Never forward confidential information to non-district accounts. Hardcopies of documents must be shredded and properly discarded. 15

16 What is an incident? Any event that would be considered in violation of the District s Network and Internet Acceptable Use Policy. What is a security breach? An act from outside the school district that bypasses or contravenes security policies, practices, or procedures. A similar internal act is called a security violation. 16

17 Incident response for employees Immediately contact the local I.T. staff (Lab Assistant or Ed. Tech) If local I.T. staff are unavailable, call the Helpdesk at extension 3069 Leave the computer or electronic device in its current state unless otherwise instructed by the local I.T. staff If leaving the work area, secure any electronic devices or sensitive information Refrain from discussing the incident with others aside from your supervisor or principal Incident response for local I.T. staff Immediately contact the Network Administrator Enter a Helpdesk ticket logging the incident, without including sensitive or confidential information Secure computers, electronic devices, or sensitive information 17

18 As access to electronic resources and information expands exponentially, so do the threat of security breaches, malware attacks, hackers and rapidly growing ways of disrupting computer systems and obtaining confidential information. Although the school district employs various security measures, it is up to you to be well informed and vigilant against these threats. Remember Think first, click second! 18